• Deciding to use SSL – Which certificate type should you choose?

    A guest article by Steve Waite, CEO, GlobalSign Americas

    An introduction to SSL

    There is still much confusion surrounding the trust and security of websites, but when building a web application that deals with any personal data, security is the first priority.  SSL provides a safe form for the transmission of data – like transferring a message inside a locked safe.

    The Secure Socket Layer (SSL) and Transport Layer Security (TLS) is the most widely deployed security protocol used today.  Technically, SSL is a transparent protocol which requires little interaction from the end user when establishing a secure session.   In the case of a browser for instance, users are alerted to the presence of SSL when the browser displays a padlock, or, in the case of Extended Validation SSL, when the address bar displays both a padlock and a green bar.  This is essentially the key to the success of SSL, as it is an incredibly simple experience for website visitors.

    SSL Certificates are small data files that digitally bind a cryptographic key to an organisation and/or website owner’s details.   When installed on a web server, it activates the padlock and the https protocol (over port 443) and allows secure connections from a web server to a browser.  Typically, SSL is used to secure credit card transactions, data transfer and logins, and more recently is becoming the norm when securing browsing of social media sites.

    Which SSL Certificate should you choose?

    One of the difficulties for almost every webmaster/IT department today is deciding which type of SSL Certificate to purchase and they are commonly faced with the battle of restricted budgets versus actual requirements.  However, just like the old saying “Quality over Quantity”, is it worth compromising on security for the lower spend, when paying that bit extra for an Extended Validation (EV) SSL Certificate can give you a high level of trust and assurance than standard SSL Certificates.

    With all customer facing websites, GlobalSign highly recommends using a high assurance Extended Validation SSL Certificate (more commonly known as EV SSL), which is instantly recognisable and assures visitors the website is provided by a legitimate company and can be fully trusted.  It helps to prevent against phishing attacks, copy-cat websites, we well as increases trust and brand reputation, often leading to reduced shopping cart abandonment rates and increase revenue!

    Which Certificate Authority should you choose?

    Unlike many CAs and SSL providers, GlobalSign prides itself on understanding SSL and what people need for the most effective use of SSL; which includes speed, reliability and on-going security checks for their webserver.

    Through numerous key partnerships and development of innovative solutions, GlobalSign now provides the Fastest SSL in the industry (up to 6 times faster than other SSL providers), due to its collaboration with CloudFlare to speed up the SSL “handshake” (called an OCSP response).

    GlobalSign also includes a portfolio of post SSL checks for the lifetime of the certificate after it has been issued, including Malware Monitoring powered by StopTheHacker to detect malicious injection of code into a site, a Phishing Alert Service in partnership with Netcraft, to detect any pages that might be hosting a potential phishing attack, as well as an advanced SSL Configuration Checker Tool  to ensure your SSL Certificates have been configured correctly on your server; examining over 30 common server configuration issues with detailed guides on how to rectify problems.

    To find out more about GlobalSign’s range of SSL Certificates please visit: http://www.globalsign.com/SSL